How to enforce Device Restrictions with a GPO

We’ve seen how to restrict software (actually in two different ways) and websites via GPO. Now it’s time to restrict devices. Device restrictions can improve the security of a business network and limit potential headaches for the IT staff.

It’s also really easy to enforce a device restriction GPO.

Open Server Manager and launch Group Policy Management:

Create a new GPO:

Edit the policy:

Navigate to the path Computer Configuration\Policies\Administrative Templates\System\Device Installation\Device Installation Restrictions:

Enable Allow administrators to override Device Installation Restriction policies:

Then enable Prevent installation of devices not described by other policy settings:

The configuration is complete. You can use different schemes to restrict specific devices or categories of devices: Microsoft lets us restrict specific drivers or device IDs, and you can also restrict only removable devices.
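
The same two settings can be applied from PowerShell and then checked on a client. This is an added example, not part of the original walkthrough: the GPO name and OU distinguished name are placeholders, and the function names are hypothetical. `AllowAdminInstall` and `DenyUnspecified` are the registry policy values that the two Administrative Template settings above write.

```powershell
# Added example: scripted equivalent of the GUI steps, plus a client-side check.
# Requires the GroupPolicy module (RSAT / Group Policy Management feature).
Import-Module GroupPolicy -ErrorAction SilentlyContinue

$GpoName   = 'Device Installation Restrictions'     # placeholder GPO name
$TargetOu  = 'OU=Workstations,DC=example,DC=com'    # placeholder OU to link to
$PolicyKey = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions'

# Setting name -> expected DWORD value
$Settings = [ordered]@{
    AllowAdminInstall = 1   # Allow administrators to override Device Installation Restriction policies
    DenyUnspecified   = 1   # Prevent installation of devices not described by other policy settings
}

function Set-DeviceRestrictionGpo {
    # Create the GPO only if it does not already exist, so the script is re-runnable.
    $gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
    if (-not $gpo) { $gpo = New-GPO -Name $GpoName }

    foreach ($name in $Settings.Keys) {
        Set-GPRegistryValue -Name $GpoName -Key $PolicyKey -ValueName $name `
            -Type DWord -Value $Settings[$name] | Out-Null
    }

    # Link to the target OU unless a link is already present.
    $linked = (Get-GPInheritance -Target $TargetOu).GpoLinks |
        Where-Object { $_.DisplayName -eq $GpoName }
    if (-not $linked) { New-GPLink -Name $GpoName -Target $TargetOu | Out-Null }
}

function Test-DeviceRestrictionPolicy {
    # Run on a client after the policy has refreshed (gpupdate /force).
    $path  = "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions"
    $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
    foreach ($name in $Settings.Keys) {
        $actual = if ($props) { $props.$name } else { $null }
        [pscustomobject]@{
            Setting   = $name
            Expected  = $Settings[$name]
            Actual    = $actual
            Compliant = [bool]($null -ne $actual -and $actual -eq $Settings[$name])
        }
    }
}

# On a management host:  Set-DeviceRestrictionGpo
# On a client:           Test-DeviceRestrictionPolicy | Format-Table
```

A row with `Compliant` set to `False` on a client means the GPO has not applied there; check the link target and security filtering with `gpresult /r`.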
